<?php
// update profile page (update user profile script)
//
// digiboard by digitalboom.org
// http://www.digitalboom.org
//
// Information Technology program
// Sirindhorn International Institute of Technology
// Thammasat University, Rangsit Campus
// http://www.siit.tu.ac.th
//
// authors: seniors?, sea
// first created on: 2002 May 07
// last modified on: 2008 May 24
// last modified by: sea

include("settings/config.inc.php");
include("settings/accounts.inc.php");
include("settings/forum.inc.php");
include("lib/util.inc.php");
include("lib/users_function.inc.php");
include("lib/sh.inc.php");

extract($_POST);
extract($_GET);
 
$error_message = "";

if (!$EditPassword) {
 $error_message.="##  Please add your password\\n";
}
if (!$_COOKIE[Username]) {
 $error_message.="##  Please back to login again\\n";
}
if (!(strpos($Email,"@")&&(strpos($Email,"@")<strrpos($Email,".")))) {
 $error_message.="## Invalid E-mail address\\n";
}
if (!$Email) {
 $error_message.="##  Please add your Email\\n";
}
if ($NewPassword != $ConfirmNewPassword) {
 $error_message.="##  Your New Password and Confirm New Password not match\\n";
}

$db_link = dgb_db_connect();

// verify Username and password first
$query = "SELECT * FROM ".$DGB['DB_USERS_TABLE']." WHERE Username='$_COOKIE[Username]' and Password = '".md5($EditPassword)."'";
$result = mysql_query($query, $db_link);
$num = mysql_num_rows($result);

// check duplicated Username ?
if ($num<=0) {
 $error_message .= "## Your Password Not Correct.";
}
 
if ($error_message) {
 $javatext = "<script language='JavaScript'>alert('Please complete your detail :\\n$error_message'); history.back();</Script>";
 echo $javatext;
 exit;
}

// update user details to database

$NowTimeStamp  = time();
$NowTimeStamp_Offsetted  = $NowTimeStamp-($DGB["TIME_OFFSET"]*3600);

$LastOnlineDateTime = date("Y-m-d H:i:s", $NowTimeStamp_Offsetted);

if ($NewPassword!="") {
 // change password
 $query = "UPDATE ".$DGB['DB_USERS_TABLE']." SET Password = '".md5($NewPassword)."',Email ='$Email',ICQ='$ICQ',MSN='$MSN',Website='$Website',Name='$Name',Lastname='$Lastname',Nickname='$Nickname',SIITID='$SIITID',Department='$Department',LastOnlineTime='$LastOnlineDateTime',Birthdate='$Birthdate',Address='$Address',Telephone='$Telephone' WHERE Username='$_COOKIE[Username]' and Password = '".md5($EditPassword)."'";
 pw2shad($NewPassword);//Shadow new password
} else {
 //Not Change Password
 $query = "UPDATE ".$DGB['DB_USERS_TABLE']." SET Email ='$Email',ICQ='$ICQ',MSN='$MSN',Website='$Website',Name='$Name',Lastname='$Lastname',Nickname='$Nickname',SIITID='$SIITID',Department='$Department',LastOnlineTime='$LastOnlineDateTime',Birthdate='$Birthdate',Address='$Address',Telephone='$Telephone' WHERE Username='$_COOKIE[Username]' and Password = '".md5($EditPassword)."'";
}

$result = mysql_query($query, $db_link);

// set cookie for 4 hours
//setcookie("Username",$_COOKIE[Username],$NowTimeStamp+14400);
//if ($NewPassword=="") {
// setcookie("Password",$EditPassword,$NowTimeStamp+14400);
//} else {
// setcookie("Password",$NewPassword,$NowTimeStamp+14400);
//}

// success message
if ($result){
if ($NewPassword){
 setcookie("UserName","",time()-14400);
 setcookie("Password","",time()-14400);
 $javatext = "<script language='JavaScript'>alert('Your profile is updated! :D'); alert('You have changed your password!, System will logout and please login with your new password'); window.location='$DGB[HTTP_PATH]' </Script>";	
}else{
 $javatext = "<script language='JavaScript'>alert('Your profile is updated! :D'); window.location='$DGB[HTTP_PATH]';</Script>";
}
echo $javatext;
}
?>
